httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Sysoev ...@rambler-co.ru>
Subject Re: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Date Fri, 21 Jun 2002 10:47:42 GMT
On Fri, 21 Jun 2002 harald@deppeler.org wrote:

> Concerning this vulnerability: is safe to assume that a patched
> reverse proxy will protect a vulnerable back end server from such
> malicious requests?

I think that even unpatched Apache will protect backend - as all modules
that have deal with clients body mod_proxy does not support client's
chunked request. Of course, unpatched frontend is still vulnerable.

Igor Sysoev
http://sysoev.ru


Mime
View raw message